Re: [PATCH 2/2] genirq: proc: fix a procfs entry leak
From: Bartosz Golaszewski
Date: Tue Aug 29 2023 - 02:27:23 EST
On Mon, Aug 28, 2023 at 11:44 PM Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>
> On Mon, Aug 28 2023 at 21:03, Bartosz Golaszewski wrote:
> > On Mon, Aug 28, 2023 at 2:41 PM Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> >> > I guess you're referring to irq_alloc_descs()? Anyway, here's a
> >> > real-life example: we have the hid-cp2112 module which drives a
> >> > GPIO-and-I2C-expander-on-a-USB-stick. I plug it in and have a driver
> >> > that requests one of its GPIOs as interrupt. Now I unplug it. How has
> >> > taking the reference to the hid-cp2112 module protected me from
> >> > freeing an irq domain with interrupts in use?
> >>
> >> request_irq() does not care which module request the interrupt. It
> >> always takes a refcount on irq_desc::owner. That points to the module
> >> which created the interrupt domain and/or allocated the descriptors.
> >>
> >> IOW, this needs a mechanism to store the module which creates the
> >> interrupt domain somewhere in the domain itself and use it when
> >> allocating interrupt descriptors. So in your case this would take a
> >> refcount on the GPIO module.
> >>
> > This is still not complete. In the above example, the USB bus can
> > still unbind the GPIO device that created the domain on hot-unplug,
> > triggering its cleanup routines (.remove(), devres chain) and
> > destroying the domain and keeping the reference to the hid-cp2112
> > module will not help it. This is why I suggested tracking the irq
> > requests and freeing them in said cleanup path.
>
> Are you actually reading what I write?
>
> >> So in your case this would take a refcount on the GPIO module.
>
> That's the module which provides the interrupt domain and hid-whatever
> is the one which requests the interrupt, no?
>
Not at all! This is what I said: "we have the hid-cp2112 module which
drives a GPIO-and-I2C-expander-on-a-USB-stick". Meaning: the
hid-cp2112 module registers a USB driver for a GPIO expander on a
stick. This GPIO chip is the interrupt controller here. It's the USB
stick that provides interrupts for whatever else needs them (in real
life: it can be an IIO device on the I2C bus which signals some events
over the GPIOs). The user can get the interrupt number using the
gpiod_to_irq() function. It can be unplugged at any moment and module
references will not stop the USB bus from unbinding it.
Bartosz